PT-2026-35281

A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the...

PT-2026-35432

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete category. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit ha...

PT-2026-35531

A vulnerability has been found in dmitryglhf mcp-url-downloader up to 4b8cf2de55f6e8864a77d108e8a94a5b8e4394c6. Affected by this issue is the function validate url safe of the file src/mcp url downloader/server.py. Such manipulation of the argument url leads to server-side request forgery. The...

PT-2026-35537

A vulnerability has been found in aligungr UERANSIM up to 3.2.7. The affected element is the function rls::DecodeRlsMessage in the library src/lib/rls/rls pdu.cpp of the component Radio Link Simulation Layer. The manipulation of the argument pduLength leads to uncaught exception. The attack may b...

PT-2026-35349

A vulnerability has been found in likeadmin-likeshop likeadmin php up to 1.9.6. Affected by this issue is the function queryResult of the file serverappadminapiliststoolsDataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be...

PT-2026-35516

A vulnerability has been found in dexhunter kaggle-mcp up to 406127ffcb2b91b8c10e20e6c2ca787fbc1dc92d. This vulnerability affects the function prepare kaggle dataset of the file src/kaggle mcp/server.py. The manipulation of the argument competition id leads to path traversal. The attack is possib...

PT-2026-35417

A vulnerability was found in Totolink A8000RU 7.1cu.643 b20200521. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument setIptvCfg results in os command injection. The attack can be initiated remotely. The...

PT-2026-35420

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /ajax.php?action=save category. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released ...

PT-2026-35355

A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated...

PT-2026-35375

A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit has been...

PT-2026-35532

A vulnerability was found in douinc mkdocs-mcp-plugin up to 0.4.1. This affects the function read document/list documents of the file server.py. Performing a manipulation of the argument docs dir/file path results in path traversal. The attack is possible to be carried out remotely. The exploit h...

PT-2026-35542

A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be...

PT-2026-35520

A vulnerability was identified in Totolink A8000RU 7.1cu.643 b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument telnet enabled leads to os command injection. It is possible to launch the...

PT-2026-35353

A security flaw has been discovered in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=save sales. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been...

PT-2026-35366

A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been...

PT-2026-35409

A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injection. The attack may be performed from remote. The exploit is now public and may be used...

PT-2026-35377

Name of the Vulnerable Software and Affected Versions Tenda F456 version 1.0.0.5 Description A flaw in the httpd component allows a remote attack to cause a buffer overflow, which occurs when a program writes more data to a storage area than it can hold. The issue is located in the fromNatlimitof...

PT-2026-35499

A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update passwd process.php. The manipulation of the argument temp user results in authorization bypass. The attack can be launched remotely. The exploit has been...

PT-2026-35395

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent version 0.8.0 Description A flaw in the Webhooks Endpoint component, specifically within the gateway/platforms/webhook.py file, allows for missing authentication. This occurs through the manipulation of the INSECURE N...

PT-2026-35534

A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/provider/...path/route.ts. The manipulation results in server-side request forgery. The attack may be performed from remote. The exploit has been...